Executive Summary

Informations
Name CVE-2012-6656 First vendor Publication 2014-12-05
Vendor Cve Last vendor Modification 2017-07-01

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Cvss Base Score 5 Attack Range Network
Cvss Impact Score 2.9 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

iconvdata/ibm930.c in GNU C Library (aka glibc) before 2.16 allows context-dependent attackers to cause a denial of service (out-of-bounds read) via a multibyte character value of "0xffff" to the iconv function when converting IBM930 encoded data to UTF-8.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6656

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-20 Improper Input Validation

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:25924
 
Oval ID: oval:org.mitre.oval:def:25924
Title: SUSE-SU-2014:1129-1 -- Security update for glibc
Description: This glibc update fixes a critical privilege escalation problem and two additional issues: * bnc#892073: An off-by-one error leading to a heap-based buffer overflow was found in __gconv_translit_find(). An exploit that targets the problem is publicly available. (CVE-2014-5119) * bnc#836746: Avoid race between {, __de}allocate_stack and __reclaim_stacks during fork. * bnc#844309: Fixed various overflows, reading large /etc/hosts or long names. (CVE-2013-4357) * bnc#894553, bnc#894556: Fixed various crashes on invalid input in IBM gconv modules. (CVE-2014-6040, CVE-2012-6656) Security Issues: * CVE-2012-6656 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6656> * CVE-2013-4357 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4357> * CVE-2014-5119 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5119> * CVE-2014-6040 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6040>
Family: unix Class: patch
Reference(s): SUSE-SU-2014:1129-1
CVE-2014-5119
CVE-2013-4357
CVE-2014-6040
CVE-2012-6656
Version: 3
Platform(s): SUSE Linux Enterprise Server 11
Product(s): glibc
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26817
 
Oval ID: oval:org.mitre.oval:def:26817
Title: SUSE-SU-2014:1128-1 -- Security update for glibc
Description: This glibc update fixes a critical privilege escalation problem and the following security and non-security issues: * bnc#892073: An off-by-one error leading to a heap-based buffer overflow was found in __gconv_translit_find(). An exploit that targets the problem is publicly available. (CVE-2014-5119) * bnc#882600: Copy filename argument in posix_spawn_file_actions_addopen. (CVE-2014-4043) * bnc#860501: Use O_LARGEFILE for utmp file. * bnc#842291: Fix typo in glibc-2.5-dlopen-lookup-race.diff. * bnc#839870: Fix integer overflows in malloc. (CVE-2013-4332) * bnc#834594: Fix readdir_r with long file names. (CVE-2013-4237) * bnc#824639: Drop lock before calling malloc_printerr. * bnc#801246: Fix buffer overrun in regexp matcher. (CVE-2013-0242) * bnc#779320: Fix buffer overflow in strcoll. (CVE-2012-4412) * bnc#894556 / bnc#894553: Fix crashes on invalid input in IBM gconv modules. (CVE-2014-6040, CVE-2012-6656, bnc#894553, bnc#894556, BZ#17325, BZ#14134) Security Issues: * CVE-2014-5119 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5119> * CVE-2014-4043 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4043> * CVE-2013-4332 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4332> * CVE-2013-4237 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4237> * CVE-2013-0242 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0242> * CVE-2012-4412 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4412>
Family: unix Class: patch
Reference(s): SUSE-SU-2014:1128-1
CVE-2014-5119
CVE-2014-4043
CVE-2013-4332
CVE-2013-4237
CVE-2013-0242
CVE-2012-4412
CVE-2014-6040
CVE-2012-6656
Version: 3
Platform(s): SUSE Linux Enterprise Server 10
Product(s): glibc
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 108
Os 4
Os 1

Nessus® Vulnerability Scanner

Date Description
2015-05-20 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2014-1128-1.nasl - Type : ACT_GATHER_INFO
2015-05-20 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2014-1129-1.nasl - Type : ACT_GATHER_INFO
2015-05-20 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2015-0164-1.nasl - Type : ACT_GATHER_INFO
2015-05-20 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2015-0167-1.nasl - Type : ACT_GATHER_INFO
2015-05-20 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2015-0170-1.nasl - Type : ACT_GATHER_INFO
2015-04-02 Name : The remote device is missing a vendor-supplied security patch.
File : f5_bigip_SOL16342.nasl - Type : ACT_GATHER_INFO
2015-03-26 Name : The remote Debian host is missing a security update.
File : debian_DLA-139.nasl - Type : ACT_GATHER_INFO
2015-03-26 Name : The remote Debian host is missing a security update.
File : debian_DLA-97.nasl - Type : ACT_GATHER_INFO
2015-03-09 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201503-04.nasl - Type : ACT_GATHER_INFO
2015-02-11 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_glibc-150129.nasl - Type : ACT_GATHER_INFO
2015-01-28 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-3142.nasl - Type : ACT_GATHER_INFO
2014-12-04 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-2432-1.nasl - Type : ACT_GATHER_INFO
2014-09-12 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2014-175.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

Source Url
BID http://www.securityfocus.com/bid/69472
CONFIRM https://sourceware.org/bugzilla/show_bug.cgi?id=14134
https://sourceware.org/git/?p=glibc.git;a=commit;h=6e230d11837f3ae7b375ea69d7...
DEBIAN http://www.debian.org/security/2015/dsa-3142
GENTOO https://security.gentoo.org/glsa/201503-04
MANDRIVA http://www.mandriva.com/security/advisories?name=MDVSA-2014:175
MLIST http://www.openwall.com/lists/oss-security/2014/08/29/3
http://www.openwall.com/lists/oss-security/2014/09/02/1
UBUNTU http://www.ubuntu.com/usn/USN-2432-1

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
Date Informations
2020-05-24 01:10:04
  • Multiple Updates
2020-05-23 01:50:33
  • Multiple Updates
2020-05-23 00:35:34
  • Multiple Updates
2019-03-07 12:05:10
  • Multiple Updates
2018-05-30 12:04:40
  • Multiple Updates
2017-12-15 12:01:31
  • Multiple Updates
2017-07-01 09:23:10
  • Multiple Updates
2016-08-27 00:24:32
  • Multiple Updates
2016-04-26 22:37:38
  • Multiple Updates
2015-05-21 13:29:56
  • Multiple Updates
2015-04-03 13:28:07
  • Multiple Updates
2015-03-27 13:27:53
  • Multiple Updates
2015-03-17 09:25:45
  • Multiple Updates
2015-03-10 13:24:56
  • Multiple Updates
2015-02-12 13:23:55
  • Multiple Updates
2015-01-28 13:23:53
  • Multiple Updates
2014-12-06 00:24:40
  • Multiple Updates
2014-12-05 21:26:41
  • First insertion